dilbert
16 Listopad 2012 12:36
#1
Witam mam nietypowy problem. Pożyczyłem pendrive koledze i chyba złapałem jakiegoś wirusa na nim. Chodzi o to że foldery które miałem na tym pendrive zamieniły się w skróty i nie można ich otworzyc.
Zrobiłem Research programem USB FIX. Oto wynik:
http://wklej.org/id/872186/
Proszę o pomoc w tych folderach miałem bardzo ważne dokumenty i chciałbym je odzyskać.
Atis
16 Listopad 2012 12:40
#2
dilbert
16 Listopad 2012 12:59
#3
Atis
16 Listopad 2012 13:45
#4
Odinstaluj Complitly.
Pobierz AdwCleaner
Zamknij przeglądarkę internetową.
Uruchom AdwCleaner i kliknij Delete.
Do okna Własne opcje skanowania / skrypt wklej:
:OTL SRV - File not found [Auto | Stopped] – c:\program files\otshot\ZalmanUpdateService.exe – (otshot) DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\lgusbmodem.sys – (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\lgusbdiag.sys – (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\lgusbbus.sys – (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\pfc027.sys – (SoC PC-Camera Service) [2012-06-26 11:14:20 | 000,000,000 | —D | M] (Complitly - Speed up your search with your personal search suggestions tool) – C:\Documents and Settings\Berlot\Dane aplikacji\Mozilla\Firefox\Profiles\4zeq7sa2.default\extensions{33e0daa6-3af3-d8b5-6752-10e949c61516} [2012-03-05 21:32:43 | 000,000,000 | —D | M] (DownloadnSave) – C:\Documents and Settings\Berlot\Dane aplikacji\Mozilla\Firefox\Profiles\4zeq7sa2.default\extensions\info@downloadsave.com [2012-06-26 11:12:31 | 000,003,267 | ---- | M] () – C:\Documents and Settings\Berlot\Dane aplikacji\Mozilla\Firefox\Profiles\4zeq7sa2.default\searchplugins\Web Search.xml [2009-10-16 21:37:09 | 000,001,238 | ---- | M] () – C:\Documents and Settings\Berlot\Dane aplikacji\Mozilla\Firefox\Profiles\4zeq7sa2.default\searchplugins\winamp-search.xml [2012-06-26 11:12:31 | 000,003,267 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\Web Search.xml O4 - HKLM…\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM…\Run: [Otshot] c:\program files\otshot\otshot.exe -minimize File not found O4 - HKLM…\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM…\RunOnce: [] File not found [2012-01-13 17:20:41 | 000,008,454 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\dd00c15b :Files RECYCLER /alldrives F:\ed7e8f3_l.exe F:\ed7e8f3_a.exe F:\autorun.inf F:*.lnk attrib /d /s -s -h F:* /c :Commands [emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.
dilbert
16 Listopad 2012 19:27
#5
AdwCleaner:
http://wklej.org/id/872478/
Wykonanie skryptu:
http://wklej.org/id/872479/
Skan OTL:
http://wklej.org/id/872484/
Extras
http://wklej.org/id/872481/
Pendrive wyzdrowiał pojawiły sie już normalne pliki. Dzięki za pomoc
Atis
16 Listopad 2012 19:35
#6
W UsbFix kliknij Vaccinate i później Uninstall.
Wklej i kliknij Wykonaj skrypt:
:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKLM…\SearchScopes,DefaultScope = IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.certified-toolbar.com?si= … tid=397&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si= … bs=true&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si= … ue&tid=397 IE - HKCU…\SearchScopes,DefaultScope = IE - HKCU…\SearchScopes{A4C35C24-B778-4C10-AC70-888DBF5FF7B2}: “URL” = http://search.certified-toolbar.com?si= … tid=397&q={searchTerms} FF - prefs.js…browser.search.defaultengine: “Web Search” FF - prefs.js…browser.search.defaultenginename: “Web Search” FF - prefs.js…browser.search.defaulturl: “http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= ” FF - prefs.js…browser.search.order.1: “Web Search” FF - prefs.js…extensions.enabledAddons: info@downloadsave.com:1.0 FF - prefs.js…extensions.enabledItems: info@downloadsave.com:1.0 FF - prefs.js…keyword.URL: “http://search.certified-toolbar.com?si=41179&tid=397&bs=true&q= ”
Uruchom OTL i kliknij Sprzątanie.
Wyłącz i ponownie włącz przywracanie systemu:
http://support.microsoft.com/kb/310405/pl
Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date
dilbert
18 Listopad 2012 17:12
#7